New Data Privacy Law for Citizens of Belgium, the Act
Belgium’s Act of 30 July 2018 on the Protection of Natural Persons with Regard to the Processing of Personal Data, or the Act for short, is a data privacy law that was passed in 2018. As Belgium is one of the European countries that comprise the EU, the Act was enacted to implement the General Data Protection Regulation in Belgian law. To this end, the Act of 30 July 2018 on the Protection of Natural Persons with Regard to the Processing of Personal Data and the EU’s GDPR law represent the legal basis for the collection and processing of personal data within Belgium. Furthermore, the law also empowers the Belgian Data Protection Authority, or DPA, to enforce the provisions of the law.
What are the differences between the Act and the EU’s GDPR law?
Many of the provisions of Belgium’s Act of 30 July 2018 on the Protection of Natural Persons with Regard to the Processing of Personal Data remain unchanged when compared with the EU’s GDPR law. However, there are some differences between the two pieces of legislation, particularly in the requirements placed on data controllers and processors. To illustrate this point further, the Act contains a general provision that requires data controllers and processors within Belgium to “be accredited by the national accreditation body named in accordance with Regulation (EC).” The Act also places certain restrictions on the collection and processing of special categories of personal data.
Under the Act, any “controller processing genetic data, biometric data, or data concerning health” is responsible for taking a variety of additional measures when handling such forms of data. These measures include but are not limited to designating the categories of individuals who will have access to these special categories of personal data, meticulously describing the capacity of these individuals with regard to the processing of all data concerned, and maintaining a list of the “categories of persons at the disposal of the competent supervisory authority”. The law also requires that parties involved in the collection and processing of special categories of personal data are bound by “a legal or legal obligation or by an equivalent contractual provision to respect the confidential nature of the data concerned.”
What are the rights of data subjects under the Act when compared with the EU’s GDPR law?
The rights of Belgian citizens under the Act of 30 July 2018 on the Protection of Natural Persons with Regard to the Processing of Personal Data are the same as those offered to citizens of other EU member states under the General Data Protection Regulation. These rights include the following:
- The right to be informed.
- The right to access.
- The right to erasure.
- The right to rectification.
- The right to object or opt-out.
- The right to data portability.
- The right not to be subject to automated decision-making.
In terms of the penalties and sanctions that can be imposed against data controllers and processors who fail to comply with the law, Belgium’s Act of 30 July 2018 on the Protection of Natural Persons with Regard to the Processing of Personal Data is enforced by the Supervisory Body for Police Information Management or the Supervisory Body for short. To this point, the Supervisory Body has the authority to impose a variety of sanctions and punishments against data controllers and processors within Belgium who fail to comply with the law. Such penalties include “a fine of five hundred euro to thirty thousand euro ($564 to $33,871)”, a fine of up to 4% of a particular business’s or organization’s global revenue for a given fiscal year, as well as criminal and civil liabilities.
Examples of actions that could lead to such punishments include “processing personal data in contravention of the conditions for processing imposed by articles 75, 109, 141 and 170 and any person acting under the authority of the authority referred to in Title 3 or its processor, who through personal negligence, provided it can be qualified as serious, or maliciously, processes data in contravention of the conditions imposed by articles 75, 109, 141 and 170”, as well as “extracting the data subject’s consent to the processing of personal data relating to him or her, uses matters of fact, violence, threats, gifts or promises.” The Act also states that “without prejudice to specific provisions, the controller, the processor, or its representative in Belgium shall be liable for the payment of the fines his attendant or authorized representative are ordered to pay.”
Through the implementation of the EU’s GDPR law in conjunction with the passing of Belgium’s Act of 30 July 2018 on the Protection of Natural Persons with Regard to the Processing of Personal Data, Belgian citizens were provided with legal protections and guarantees concerning their personal data and, in turn, their privacy. As both the Act and the EU’s GDPR law allow for violators of such laws to be punished severely, Belgian citizens can rest assured that their personal data is being safeguarded in the most efficient manner possible. In this way, the European Union continues to be a model regulatory authority as it relates to the protection of personal data on a global scale.